UK discovers Huawei UK staff auditing Huawei kit: Govt orders probe

Huawei will be probed by a top Whitehall official after the Chinese tech giant's staff in Oxfordshire were given the job of auditing Huawei's telecoms gear for Blighty's communications networks. The review was ordered following the publication of a report by an influential committee of MPs which warned of a conflict of …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Oh look, another one.

    Another set of organisations (and in particular, I'd guess MBA-trained no-relevant-skills managers) that thinks the purpose of the audit is to shift stuff (ship it, sell it, get bonus) and not actually anything to do with checking whether something is actually fit for purpose medium term. A proper check would need relevant skilled (independent?) staff, might cost money for the audit, and might cost even more in upfront costs to make sure the stuff really is audit-ready. There'd even be a risk occasionally of the audit saying No. Imagine that!

  2. Richard Taylor 2

    snigger

    see above

    1. Destroy All Monsters Silver badge
      Facepalm

      Re: snigger

      In truth you would have to build everything from scratch to be sure.

      Ermm.... call our engineering department in Vietnam, sir?

      1. Velv
        Black Helicopters

        Re: snigger

        You can't even do that these days - European law gives equal employment opportunity to European workers, and you need to employ the best for the job.

        So in theory a foreign power could train "the best developers in the world", then pay them to apply for the jobs to develop our "UK kit".

        1. David Neil

          Re: snigger

          Sorry, but there are, and have always been, exceptions for national security.

          1. Alan Brown Silver badge

            Re: snigger

            Which is why they're also calling for Juniper and Cisco to set up similar auditing units, also to be staffed by GCHQ, isn't it?

            1. Danny 14

              Re: snigger

              No, GCHQ probably know about those backdoors and exploit them. Huawei haven't spilled the beans yet...

  3. HereWeGoAgain

    The Civil Service at its best!

    Somebody in the Civil Service gave Huawei the job of auditing Huawei in the first place. Will heads roll? The Whitehall mandarin should be investigating his colleagues for stupidity.

    Anyway, it's a question of do we want to be spied on by the Americans or the Chinese? American kit is not more secure, it is more snoopable by the Americans.

    I wonder how many SSL Certificate Authorities have provided their private keys to Uncle Sam.

    1. Don Jefe
      Meh

      Re: The Civil Service at its best!

      This is reflective of privatization as much as government. Any time a private company can tilt things in their favor they're going to. Nobody should be surprised by that. Not arguing for bigger, more intrusive government, but if government spent their time (and money) doing what they're supposed to be doing instead of being intrusive and pandering to their private sector buddies things would be a lot better.

    2. dajames
      WTF?

      Re: The Civil Service at its best!

      "I wonder how many SSL Certificate Authorities have provided their private keys to Uncle Sam."

      What an interesting thing to wonder! I think Uncle Sam has better ways of snooping than faking commercial PKI certificates...

      I suppose you do understand that knowing the CA's certificate doesn't help in attacking the private keys associated with the certificates that CA may have signed?

      1. Anonymous Coward

        Re: The Civil Service at its best!

        Uh no, you don't attack the private keys of the certificate the CA signed...

        If you have the private keys of the root CA, and you control the network, you instead produce a new identical certificate to the one installed on the site the end-user is trying to access, on-the-fly, and serve that to the end-user. Classic man-in-the-middle attack...

    3. Yes Me Silver badge

      Re: The Civil Service at its best!

      But once again, as with PRISM: what's the surprise? It was obvious from press stories months ago - maybe even here at Ye Vulture Central - that the centre was operated by Huawei itself. How come they're surprised?

      I need an icon for head scratching.

  4. Anonymous Coward
    Black Helicopters

    Does every piece of kit get the same treatment?

    Is Cisco vetted for foreign government backdoors, for example? After all, we know the US has massive form.

    1. BenDwire Silver badge
      Big Brother

      Re: Does every piece of kit get the same treatment?

      Don't you mean "Massive Phorm"?

    2. JohnG

      Re: Does every piece of kit get the same treatment?

      "Is Cisco vetted for foreign government backdoors..."

      Cisco kit is mostly manufactured in China these days. Even the chips used are also manufactured there, so there is ample opportunity to introduce "additional features" which are invisible to Cisco and their customers. Huawei started out making counterfeit Cisco modules, so their history is already tainted.

    3. Flashy Red
      Thumb Up

      Re: Does every piece of kit get the same treatment?

      Oooooh! *snap*

  5. Anonymous Coward

    They sound almost as trustworthy as the USA.

  6. Evoflash

    Self regulation?

    I did wonder where Fred the Shred would go next.

    Good for him diversifying his skill set.

  7. Rampant Spaniel

    Seriously, somebody asked them to audit their own gear??

    That gear will have intentional and unintentional vulnerabilities, just like Cisco, Juniper, Ericsson etc. They might not be blatant backdoors, but that kit will have more back doors than Harewood House. It's not like the gear we have been flogging China for years hasn't. Why should we expect them to have higher standards than ourselves?

    1. Danny 14
      Joke

      Whitehall put the contract out for bidding. Huawei won it fair and square....

  8. Gordon Pryra

    Not worth the time to even talk about this

    Why would Huawei go to all the effort? They would just chuck a few quid at BT

    After BT and their selling of customer surfing habits to Phorm (with the biggest wiretap we knew about until Snowden opened his mouth) and their attempt to defend it with the immoral lie "we did not believe it to be illegal"

    You cannot trust a word this slime company tells you. They have already proved that they will sell customers down the river for a profit, and we are supposed to trust they would not do the same to the Chinese/Americans/any other power that asked?

    1. Anonymous Coward

      Re: Not worth the time to even talk about this

      Big companies have many departments, generally with different goals. Consequently they don't always see eye to eye. Sometimes one dept gets its way, and sometimes another. Don't tar all of BT with the Phorm brush.

    2. Alan Brown Silver badge

      Re: Not worth the time to even talk about this

      "You cannot trust a word this slime company tells you. They have already proved that they will sell customers down the river for a profit, and we are supposed to trust they would not do the same to the Chinese/Americans/any other power that asked?"

      Now that we know your opinion of BT, please switch the topic back to Huawei

      And bear in mind that the Great Firewall of China is built with Cisco kit.

  9. J.G.Harston Silver badge

    Calling the great white telephone

    Huawei... there's a reason I don't like Mandarin. Somebody once memorably described speaking Mandarin as feeling as though you'd just had a stroke and couldn't move your muscles.

    Much prefer Cantonese - which is more like an argument in a street market ;)

    1. davidp231

      Re: Calling the great white telephone

      "Much prefer Cantonese - which is more like an argument in a street market ;)"

      And the food is better too...

  10. Anonymous Coward
    Windows

    Won't someone think of the children?

    Huawei products are pretty deeply embedded in the UK. It does make sense to audit their devices.

    Does BT even know what goes into the little white boxes for FTTC connections? I don't. I've got several of the bloody things but unless I connect something to the remains of the RS232 interface on the mainboard I can't even connect to it to see its link speed. I'm pretty sure that might void my warranty in some way or at least cause a bill if it broke later and a sticker was found broken to show I'd opened it up.

    Never mind, it's on the list of things to do to my home one ...

    Cheers

    Jon

    1. Miek
      Linux

      Re: Won't someone think of the children?

      "Accidentally" spill some tea, or better still some Coke onto the offending sticker and claim it must have just perished.

  11. Mike Brown

    war with china

    It's started already, huh? Not with tanks, or guns, but with computers and trade. Interesting times

    1. Alan Brown Silver badge

      Re: war with china

      Gunboat diplomacy never really stopped.

  12. david 63

    It's ok...

    ...I've seen the exec summary of the audit report...

    "Huawei kit arr light, no plobrem"

    Well it is Friday afternoon.

    Coat - got.

  13. Miek
    Linux

    Huawei auditing Huawei gear, ha ha ha, whatever next? GCHQ activities being audited by Politicians?

  14. Anonymous Coward

    Nothing to see here...

    Situation normal, all fscked up.

    Usual UK Gov mixture of "lowest price = best" procurement strategy, plus normal level of ministerial & civil service retardation when it comes to technology. I bet Huawei offered to do the audit for free if they got the order. If verifying that equipment is being properly audited/assessed for suitability ISN'T the responsibility of the top brass, then what on earth is?

    I conduct application, protocol, and network security assessments for a living. Don't get me wrong, Cisco et al have a performance that is far from stellar, but I can say with confidence that Huawei is on the trailing edge of the pack, probably due to their relative lack of experience.

    1. Alan Brown Silver badge

      Re: Nothing to see here...

      Since when are UK.gov buying the vast majority of the kit?

      If they wish to audit it, then go ahead - but that's not going to stop private companies (such as BT) from buying their kit by the containerload when the price is right.

      As for Cisco, when their "list" price is 120% higher than what most large suppliers sell the stuff to Joe Random off the street for, you know they're not being sold because of the actual performance (Not that Cisco are the only ones who have "retail" prices that only the terminally stupid (or civil servants) would actually pay).

      Huawei is a little cheaper than the Cisco kit - and they don't anally rape for things like 10Gb HBAs (who on earth can justify 1500 quid when 3rd party compatibles are 400 and whitebox ones are 150?). The massive savings come into effect when you realise you're not vendor-locked.

  15. M7S

    Just a thought re security

    Is it wise to ask our brightest boffins to go, pre-announced, into the lair of the suspected enemy to work, possibly under supervision/surveillance (overt or otherwise), revealing all "our" secret methods of probing kit?

  16. Velv

    While it does leave itself wide open to abuse, it does have its upside.

    Huawei employees in the UK will get access to the kit that an external vetting company won't. Yes, they are Huawei employees, but they are (probably) British, or possibly European, so hopefully (and it is only a hopefully) their national identity and loyalty to their country outweighs their loyalty to China and Huawei.

    You'd hope that if they uncovered something and blew the whistle that the UK government would support them (you'd at least hope, I said!)

    1. Anonymous Coward

      "their national identity and loyalty to their country outweighs their loyalty to China and Huawei."

      For the vast majority of people, paying the bills is what drives loyalty. And if it's Huawei employees auditing Huawei products...

  17. John Savard

    General Principles

    The People's Republic of China is not a normal civilized democracy like the United States. People can be whisked off to labor camps by the secret police at whim. So of course no Chinese company can give credible assurances that vulnerabilities haven't been designed into its equipment - even if the threat may still be overblown at present because of the technical difficulty of not getting caught.

    In the future, though, much more insidious vulnerabilities may be possible.

    1. Don Jefe

      Re: General Principles

      To be fair, no Western company can give credible assurances that vulnerabilities haven't been designed into its equipment either.

      1. Rampant Spaniel

        Re: General Principles

        To be fair we all but know those vulnerabilities exist in all mainstream kit. The US and Canada already admitted sending the Ruskies some doctored SCADA software. Admittedly it was doctored to make stuff go kaboom, but if we have not been sending them dodgy kit for decades it begs the question, why not?

    2. Anonymous Coward

      Re: General Principles

      "normal civilized democracy like the United States"

      Thanks for making me laugh so much!

    3. Alan Brown Silver badge

      Re: General Principles

      "People can be whisked off to labor camps by the secret police at whim"

      And this hasn't happened to people the US govt doesn't like?

    4. cordwainer 1
      Big Brother

      Re: General Principles

      "The United States is no longer a normal civilized democracy. People, including U.S. Citizens, can be whisked off by the government to Guantanamo without due process and held there indefinitely, while any incriminating documents are somehow "lost."

      "The NSA believes it is acceptable to spy on anyone in the world, including its own citizens, also without probable cause, warrants, or due process - yet hypocritically, along with Great Britain, believes the alleged "right" to collect any and all information, secretly, and keep it indefinitely, should be reserved only for "democracies" that would never DREAM of abusing it.

      "Of course, thanks to the many holes in their systems, and the numerous leaks, no agency such as the NSA can give credible assurances that vulnerabilities haven't been designed into its equipment - even if the threat may still be overblown at present because of the technical difficulty of not getting caught (thanks to whistleblowers such as Snowden).

      "In the future, though, much more insidious vulnerabilities and abuses of legal and democratic processes and human rights may be possible."

      There - fixed that for you.

  18. Will Godfrey Silver badge

    Call me cynical

    but why now? I can't help wondering if someone is trying to deflect attention away from what NSA and GCHQ are up to.

  19. Anonymous Coward

    And we wonder who will protect us against NSA's massive data-trawling! NSA is volunteering to do the job!

    God, how do we elect such dopes to Parliament, (or Congress) and why do we tolerate such stupidity in the bureaucracy, especially at GCHQ. Asking the spies to vet themselves is like giving them a free pass to the holy of holies. Are they going to take advantage? Well, it would be somewhat unethical!!!

    1. J.G.Harston Silver badge

      "God, how do we elect such dopes to Parliament, (or Congress)"

      Because they wear the correct coloured rosettes.

    2. John Bailey
      Unhappy

      "God, how do we elect such dopes to Parliament,"

      Simple.. One career politician is pretty much like another.

      Only career politicians join the major political parties.

      Governments are made of major political parties.

      So who ever you vote for, a politician gets in.

      We vote the useless crooked oxygen thieves in, because the only other option is to not vote.

  20. Anonymous Coward

    Sauce for the goose?

    So if Huawei staff do the checks and say that all the Huawei kit is just fine and above board, then that's a conflict of interest.

    But if GCHQ do the checks and say that all the GCHQ snooping is legal and above board, then that's perfectly trustworthy?

    So how about Huawei taking a look at GCHQ's systems to see if they're telling the truth? No, I thought not...

    1. John Sturdy
      Black Helicopters

      Re: Sauce for the goose?

      ... if they haven't infiltrated each other by now!

  21. Stevie

    Bah!

    Tuned out after reading "self-policing". Does anyone actually *really* believe in it? Azathoth on a bike, even the Linux community cannot self-police as events this week have demonstrated, and if people who "do it for the sake of it" can't, then what are the chances anyone else will?

    1. John Sturdy
      Black Helicopters

      Re: Bah!

      Read Peter Wright's "Spycatcher" for a description of self-policing.

      IIRC, you have a very secretive organization "a", with secretive departments "a/b" and "a/c". Department "a/b" polices department "a/c" (but "a/c" doesn't know it), and department "a/c" polices department "a/b" (but "a/b" doesn't know it). Neither dares report their findings to anyone, but simply try to trip each other up.

      I don't expect that changes in government, technology, society, will have stopped them doing things like this.

  22. Anonymous Coward

    Bribes?

    This sounds like the kind of arrangement that is established using bribery.

    1. Don Jefe
      Meh

      Re: Bribes?

      Bribery is illegal. Employee exchanges, visiting partner information exchanges and 'embedded' partner programs are perfectly legal though. They're even willing to foot the bill and throw in a little extra for any inconveniences and the privilege of working with such experts.

  23. Anonymous Coward

    Absolutely f***ing nothing is going to be audited here. It's just a distraction to US/UK wrongdoings when it comes to snooping.

    What worth would an audit have anyway, if it's a) announced and b) carried out by the company who produced the kit in the first place.

    This is either complete nonsense or a very very poor attempt to shift the blame elsewhere.

    1. Alan Brown Silver badge

      Huawei's UK auditing unit is specifically set up to catch vulnerabilities and is done by staff who have access to (and the ability to compile) the source code. There are code vulnerabilities showing up all the time in various pieces of code (no one writes all their own stuff) and sometimes the vulnerability is in the method used by everybody, so they have their work cut out simply making sure various issues don't show up in Huawei kit.

      This is a lot more access to the internals than Cisco or Juniper give the staff of their UK operations.

      If the UK government wanted to audit this stuff for internal use they should do it in house. This whole thing smacks of more red scarisms to try and take attention away from the herd of elephants in the room and the man hiding behind the curtain.

  24. earplugs

    huawei wants their money back

    Paid good money to be let off the hook, where's the rubber stamp we paid for?

  25. C. P. Cosgrove

    Not original !

    Isn't this report just a little similar to the recent Committee of Parliament being assured by GCHQ that they always adhered to the law ?

    Chris Cosgrove

  26. elaar

    Whilst the story of Huawei monitoring Huawei is rather comical, there is no security threat. The vast majority of these devices are used on private networks and any obvious data leakage would be easily detectable and if found (just once) would destroy a manufacturer's reputation for good.

    How many times has Cisco equipment been packet filtered over the years for various on-site issues? Imagine if just one packet looked odd, it would instantly bankrupt a company if made public.

    How would a Huawei router somehow have a hardcoded IP address coded into it, and somehow filter "relevant" data and then send it to that public IP without anyone noticing?

    1. Alan Brown Silver badge

      "The vast majority of these devices are used on private networks and any obvious data leakage would be easily detectable and if found (just once) would destroy a manufacturer's reputation for good."

      Which is exactly the point I made to my employers. We do monitor what goes in and out the gateway so such activity would show up pretty quickly.

  27. colin cuddehay
    Facepalm

    Go EDWARD SNOWDEN

    "report by an influential committee of MPs which warned of a conflict of interest …" They'd be experts in conflict of interest. "Anyway we can't have Chinese companies spying on British citizens": said a government spokesperson, "that's our job, with help from the yanks"!

    1. Will Godfrey Silver badge

      Re: Go EDWARD SNOWDEN

      You know, I hadn't thought of that. This is indeed a direct attack on our fair country's employment. The Chinese would probably do a better job of spying (and cheaper too). We need a 'Save our Spooks' petition. Somebody call the Daily Mail.

  28. Dick Pountain
    Holmes

    Would UK be any better?

    After the Snowden revelations about NSA and GCHQ, why would anyone believe that UK-manufactured kit is any less likely to be riddled with trapdoors?

  29. 7teven 4ect
    Black Helicopters

    Some reading between the lines

    UK: "We don't trust you"

    Huawei: "We build trust centre"

    GCHQ: "we take over trust centre and use it to spy on the East. Thank you."

    It's called 'externalising costs'. Austerity.

  30. KBeee

    Working for a big utility

    our computer system went down last week, and someone jokingly said "Chinese Hackers!"

    Then someone else said "But we're owned by the Chinese, they don't need to Hack us"

    "US Hackers!"

    When essential utilities such as water, gas, electricity etc. are foreign owned, I can't really see the problem, just so long as we do as we're told

    1. Alan Brown Silver badge

      Re: Working for a big utility

      Speaking of the "Chinese hackers" meme:

      ALL the attacks I see originating from Chinese netspace are from networks I'm aware are thoroughly pwned by externals (something the NSA leaks made abundantly clear btw) and are identical in form to those seen from other parts of the world.

      The first rule of cracking is to cloak yourself in several false flags.

      Why would the Chinese be stupid enough to launch traceable attacks from their own territory when even the dumbest script kiddies know to bounce through a dozen proxies first?

      The largest danger comes from (dis)organised crime groups, not from foreign governments.

  31. WereWoof

    I seem to recall from a few years back about UK selling radio equipment to the Iraqi armed forces, with bugs built in so that during the 1st action against Iraq the Allies knew EXACTLY what the Iraqis were up to and credited it with saving many lives. Everyone is guilty these days, until proven innocent.

  32. JaitcH
    FAIL

    The US push back against Huawei is simply an ...

    attempt to get people to install NSA compliant CISCO and other equipment.

    Makes it easier for GCHQ, too.
